Skip to Content
MIT Technology Review
  • Featured
  • Topics
  • Newsletters
  • Events
  • Podcasts
    • Sign in

    A New Tool Plays Mind Reader With Your Passwords

    Microsoft Research’s Telepathwords demonstrates how strong (or weak) your passwords are by guessing them as you type.
    December 5, 2013

    Not sure if “password1234” is the best password to keep intruders out of your e-mail account? A new online tool from Microsoft Research called Telepathwords can help you figure it out by guessing which character comes next as you type your password (although hopefuly you already know that particular phrase is a poor choice). The better Telepathwords is at guessing what you’ll type, the easier it will likely be for someone trying to attack your inbox or online bank account protected by that password.

    Released Thursday, Telepathwords incorporates common known passwords and common phrases. According to a Microsoft news release, it was also tested by “several hundred” Microsoft employees in order to provide data on how people come up with passwords and to train Telepathwords to detect shoddy password-choosing habits that hackers would probably be aware of. It’s interesting that, rather than simply giving users a “strength” score, the team behind it wants to show you, step by step, how good or bad your password is. Telepathwords was built by security researcher Stuart Schechter and four others.

    The site is simple to use: you type the first letter or number of any password into a box and watch Telepathwords make three guesses as to what the next character will be. I tried this with a few passwords, and found that it had a pretty good idea of what I was going to type. When you’re done typing in your password, you see a series of check- and x-marks above it, scoring which characters that Telepathwords could guess and which it couldn’t. Occasionally, I was admonished with warnings such as: “Replacing a predictable letter with a key that looks similar? Attackers also know to substitute l for i, so it does little to improve your password.”

    The site does collect the characters you type, sending them to a Microsoft Research server in order to make guesses about what you’ll type next. It also keeps track of how you move your computer mouse and time of when you add or delete characters from your password. The site indicates this data is encrypted within your Web browser, and it may eventually be used for related research.

    Keep Reading

    Most Popular

    The inside story of how ChatGPT was built from the people who made it

    Exclusive conversations that take us behind the scenes of a cultural phenomenon.

    How Rust went from a side project to the world’s most-loved programming language

    For decades, coders wrote critical systems in C and C++. Now they turn to Rust.

    Design thinking was supposed to fix the world. Where did it go wrong?

    An approach that promised to democratize design may have done the opposite.

    Sam Altman invested $180 million into a company trying to delay death

    Can anti-aging breakthroughs add 10 healthy years to the human life span? The CEO of OpenAI is paying to find out.

    Stay connected

    Illustration by Rose Wong

    Get the latest updates from
    MIT Technology Review

    Discover special offers, top stories, upcoming events, and more.

    Thank you for submitting your email!

    Explore more newsletters

    It looks like something went wrong.

    We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.